package service

import (
	"git.oschina.net/fanbuchi/xgggh/oauth2/model"
)

func  UserLogon(client *model.Client, account *model.Account, scope string) (*model.AccessToken, *model.RefreshToken, error) {
	// Return error if user's role is not allowed to use this service
	/*if !s.IsRoleAllowed(account.RoleId) {
		// For security reasons, return a general error message
		return nil, nil, oauth2Error.InvalidUsernameOrPassword
	}*/

	// Create a new access token
	accessToken, err := GrantAccessToken(
		client,
		account,
		model.GetOauthConfig().AccessTokenLifetime, // expires in
		scope,
	)
	if err != nil {
		return nil, nil, err
	}

	// Create or retrieve a refresh token
	refreshToken, err := GetOrCreateRefreshToken(
		client,
		account,
		model.GetOauthConfig().RefreshTokenLifetime, // expires in
		scope,
	)
	if err != nil {
		return nil, nil, err
	}
	return accessToken, refreshToken, nil
}

